A long time in the making, South Africa's Cyber Crimes Bill is inching closer to becoming law, as it was passed by the National Assembly in November 2018.

ITWeb Security Summit 2019

Registration is open for the event in Johannesburg and Cape Town. The agenda features themes ranging from developing cyber security strategy and increasing user awareness, to the latest trends impacting on security. Eight top international keynote speakers have been confirmed. Register today to benefit from our early bird prices. To find out more, click here.

The initial draft Bill was not well received, with critics saying it was too broad and open to abuse, and was a threat to the fundamental spirit of the Internet, which is open and democratic.

Subsequent changes to the Bill, including the removal of some of the security obligations, saw it drop the 'security' part of the originally named Cyber Crimes and Cyber Security Bill.

"This leaves it to focus on building out the computer crimes landscape," says Corien Vermaak, cyber security specialist at Cisco, who will speak at ITWeb Security Summit 2019, to be held from 27 to 31 May at the Sandton Convention Centre.

She says historically, SA relied on a light definition of computer crime encapsulated in the Electronic Communications and Transactions Act.

Comparing SA to its international counterparts, Vermaak says: "We are very late to adopt legislation; in the UK, computer crime was maturely criminalised in the 90s. The Budapest convention was signed in November 2001 and the African Union accepted model legislation in this regard in 2012 already."

This is now a matter of urgency for South Africa, she says.

Speaking of the impact the Cyber Crimes Bill will have on business leaders, Vermaak says the debate of consequences is one that may be seen as theoretical, as many industry players have voiced concerns that our government structures are unable to effectively prosecute these crimes due to numerous reasons, including a lack of skills.

"This lack of skills is not unique to government, as there is a general lack across the disciplines of computer security and crime. However, the intent of the Bill is to hold criminal elements as well as organisations responsible for the part they play in facilitating and enabling these crimes to take place."

She says we are yet to see how this will affect larger players, but predicts organisations will fall into one of two categories. "Firstly, those that embrace the legislation and see it as a matter of compliance within all the business structures. Secondly, those that will wait to see how effective the prosecution is before really acting on the requirements."

Delegates attending Vermaak's talk will gain an understanding of what constitutes cyber crimes, and will learn how the Cyber Crimes Bill will affect business processes outside of IT. She will outline a pragmatic approach to implementing this in local businesses.